Distributed denial-of-service (DDoS) is to initiate a large quantity of seemingly legal requests to a service provider by using a distributed client, and consumes resources or occupies resources for a long period of time, to achieve an objective of denial-of-service. There are many DDOS attack methods. A most basic DDoS attack includes occupying excessive service resources by using proper service request. Consequently, a legal user cannot obtain a response from a server. Alternatively, a most basic DDoS attack includes blocking an upstream communications link of an Internet Data Center (IDC) by sending a large quantity of packets in a short time. Consequently, an available bandwidth is dramatically reduced, resulting in a sudden increase in a normal service flow, to achieve the objective of denial-of-service. Therefore, how to defend a DDoS attack in a timely manner becomes a problem to be urgently resolved.